From 8a4005cf2b0ef34265ff8051a6b76226685fc226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Erik=20Pedersen?= Date: Sun, 22 Dec 2019 22:51:45 +0100 Subject: Squashed 'docs/' changes from af4b7ac5b..54f0e8776 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 54f0e8776 Update image-actions.yml 94e5cad02 Update image-actions.yml 0ad20d226 Add a page about Hugo's Security Model 0dee16d11 Link to RĂ©gis Full Partials series 138782808 Update partialCached.md git-subtree-dir: docs git-subtree-split: 54f0e877670fd434c6903e20774fcf7eba9255fa --- .github/calibre/image-actions.yml | 3 +- .../hugo-security-model-featured.png | Bin 0 -> 85043 bytes content/en/about/security-model/index.md | 54 +++++++++++++++++++++ content/en/functions/partialCached.md | 6 ++- 4 files changed, 60 insertions(+), 3 deletions(-) create mode 100644 content/en/about/security-model/hugo-security-model-featured.png create mode 100644 content/en/about/security-model/index.md diff --git a/.github/calibre/image-actions.yml b/.github/calibre/image-actions.yml index 938660243..fda8a00b3 100644 --- a/.github/calibre/image-actions.yml +++ b/.github/calibre/image-actions.yml @@ -1,2 +1,3 @@ ignorePaths: - - "resources/**" \ No newline at end of file + - "resources/**" + - "_vendor/**" diff --git a/content/en/about/security-model/hugo-security-model-featured.png b/content/en/about/security-model/hugo-security-model-featured.png new file mode 100644 index 000000000..5592d104b Binary files /dev/null and b/content/en/about/security-model/hugo-security-model-featured.png differ diff --git a/content/en/about/security-model/index.md b/content/en/about/security-model/index.md new file mode 100644 index 000000000..e6ab5f731 --- /dev/null +++ b/content/en/about/security-model/index.md 
@@ -0,0 +1,54 @@ +--- +title: Hugo's Security Model +description: A summary of Hugo's security model. +date: 2019-10-01 +layout: single +keywords: ["Security", "Privacy"] +menu: + docs: + parent: "about" + weight: 4 +weight: 5 +sections_weight: 5 +draft: false +aliases: [/security/] +toc: true +--- + +## Runtime Security + +Hugo produces static output, so once built, the runtime is the browser (assuming the output is HTML) and any server (API) that you integrate with. + +But when developing and building your site, the runtime is the `hugo` executable. Securing a runtime can be [a real challenge](https://blog.logrocket.com/how-to-protect-your-node-js-applications-from-malicious-dependencies-5f2e60ea08f9/). + +**Hugo's main approach is that of sandboxing:** + +* Hugo has a virtual file system and only the main project (not third-party components) is allowed to mount directories or files outside the project root. +* Only the main project can walk symbolic links. +* User-defined components have only read-access to the filesystem. +* We shell out to some external binaries to support [Asciidoctor](/content-management/formats/#list-of-content-formats) and simliar, but those binaries and their flags are predefined. General functions to run arbitrary external OS commands have been [discussed](https://github.com/gohugoio/hugo/issues/796), but not implemented because of security concerns. + +Hugo will soon introduce a concept of _Content Source Plugins_ (AKA _Pages from Data_), but the above will still hold true. + +## Dependency Security + +Hugo builds as a static binary using [Go Modules](https://github.com/golang/go/wiki/Modules) to manage its dependencies. Go Modules have several safeguards, one of them being the `go.sum` file. This is a database of the expected cryptographic checksums of all of your dependencies, including any transitive. 
+ +[Hugo Modules](/hugo-modules/) is built on top of Go Modules functionality, and a Hugo project using Hugo Modules will have a `go.sum` file. We recommend that you commit this file to your version control system. The Hugo build will fail if there is a checksum mismatch, which would be an indication of [dependency tampering](https://julienrenaux.fr/2019/12/20/github-actions-security-risk/). + +## Web Application Security + +These are the security threats as defined by [OWASP](https://en.wikipedia.org/wiki/OWASP). + +For HTML output, this is the core security model: + +https://golang.org/pkg/html/template/#hdr-Security_Model + +In short: + +Templates authors (you) are trusted, but the data you send in is not. +This is why you sometimes need to use the _safe_ functions, such as `safeHTML`, to avoid escaping of data you know is safe. +There is one exception to the above, as noted in the documentation: If you enable inline shortcodes, you also say that the shortcodes and data handling in content files are trusted, as those macros are treated as pure text. +It may be worth adding that Hugo is a static site generator with no concept of dynamic user input. + +For content, the default Markdown renderer is [configured](/getting-started/configuration-markup) to remove or escape potentially unsafe content. This behavior can be reconfigured if you trust your content. diff --git a/content/en/functions/partialCached.md b/content/en/functions/partialCached.md index 7becea24b..48ef059d9 100644 --- a/content/en/functions/partialCached.md +++ b/content/en/functions/partialCached.md @@ -21,7 +21,6 @@ aliases: [] The `partialCached` template function can offer significant performance gains for complex templates that don't need to be re-rendered on every invocation. - **Note:** Each Site (or language) has its own `partialCached` cache, so each site will execute a partial once. Here is the simplest usage: 
@@ -42,4 +41,7 @@ If you need to pass additional parameters to create unique variants, you can pas {{ partialCached "footer.html" . .Params.country .Params.province }} ``` -Note that the variant parameters are not made available to the underlying partial template. They are only use to create a unique cache key. +Note that the variant parameters are not made available to the underlying partial template. They are only use to create a unique cache key. Since Hugo `0.61.0` you can use any object as cache key(s), not just strings. + + +> See also the [The Full Partial Series Part 1: Caching!](https://regisphilibert.com/blog/2019/12/hugo-partial-series-part-1-caching-with-partialcached/) -- cgit v1.2.3
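Review bot: In the new `content/en/about/security-model/index.md` (hunk `@@ -0,0 +1,54 @@`), the sentence "These are the security threats as defined by [OWASP](https://en.wikipedia.org/wiki/OWASP)." links to the encyclopedia entry on the organisation rather than to any list of threats, so the reader cannot tell which threat categories the section is scoped to; either link the specific OWASP document being referred to or reword the sentence to say what it means. Same hunk, smaller fixes worth making before merge: "simliar" should be "similar"; "including any transitive." should be "including any transitive ones."; "Templates authors (you) are trusted" should be "Template authors (you) are trusted"; and "Hugo will soon introduce a concept of _Content Source Plugins_" is a forward-looking statement that will go stale on a reference page, so consider dropping "soon" or moving that sentence to a roadmap note. The inline-shortcode exception ("you also say that the shortcodes and data handling in content files are trusted, as those macros are treated as pure text") would read more clearly as two sentences: enabling inline shortcodes extends trust to content files, because their shortcode bodies are executed as template code rather than escaped as data.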
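Review bot: The first `partialCached.md` hunk (`@@ -21,7 +21,6 @@`) deletes "- **Note:** Each Site (or language) has its own `partialCached` cache, so each site will execute a partial once." without adding a replacement, and the commit list only says "Update partialCached.md", so it is not clear whether the per-site cache behaviour changed or the note was judged redundant. If the behaviour still holds, keep the note (it matters for multilingual sites); if it changed, say so in the page text and in the commit message.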
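Review bot: The second `partialCached.md` hunk (`@@ -42,4 +41,7 @@`) rewrites the line "They are only use to create a unique cache key." but carries the pre-existing typo over into the `+` line; since the line is being touched anyway, change "use" to "used". Two more small points in the same hunk: "See also the [The Full Partial Series Part 1: Caching!]" doubles the article ("the The"), so drop one; and the two blank lines inserted before the `>` blockquote are inconsistent with the single blank line used elsewhere in the file.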